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Certificate ::= SEQUENCE {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING }



TBSCertificate ::= SEQUENCE {
    version               [0]  Version DEFAULT v1,
    serialNumber               CertificateSerialNumber,
    signature                  AlgorithmIdentifier,
    issuer                     Name,
    validity                   Validity,
    subject                    Name,
    subjectPublicKeyInfo       SubjectPublicKeyInfo,
    issuerUniqueID        [1]  IMPLICIT UniqueIdentifier OPTIONAL,
    subjectUniqueID       [2]  IMPLICIT UniqueIdentifier OPTIONAL,
    extensions            [3]  Extensions OPTIONAL }



Version ::= INTEGER { v1(0), v2(1), v3(2) }



CertificateSerialNumber ::= INTEGER



Validity ::= SEQUENCE {
    notBefore      Time,
    notAfter       Time }

Time ::= CHOICE {
    utcTime        UTCTime,
    generalTime    GeneralizedTime }



UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING }

Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 

Extension ::= SEQUENCE {
    extnID      OBJECT IDENTIFIER,
    critical    BOOLEAN DEFAULT FALSE,
    extnValue   OCTET STRING }
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AttributeCertificate ::= SEQUENCE {
    acinfo               AttributeCertificateInfo,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING
}



AttributeCertificateInfo ::= SEQUENCE {
    version                 AttCertVersion DEFAULT v1,
    holder                  Holder,
    issuer                  AttCertIssuer,
    signature               AlgorithmIdentifier,
    serialNumber            CertificateSerialNumber,
    attrCertValidityPeriod  AttCertValidityPeriod,
    attributes              SEQUENCE OF Attribute,
    issuerUniqueID          UniqueIdentifier OPTIONAL,
    extensions              Extensions OPTIONAL
}



AttCertVersion ::= INTEGER { v1(0), v2(1) }



Holder ::= SEQUENCE {
    baseCertificateID   [0] IssuerSerial OPTIONAL,
        -- the issuer and serial number of
        -- the holder's Public Key Certificate
    entityName          [1] GeneralNames OPTIONAL,
        -- the name of the claimant or role
    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
        -- if present, version must be v2
}



ObjectDigestInfo ::= SEQUENCE {
    digestedObjectType  ENUMERATED {
        publicKey            (0),
        publicKeyCert        (1),
        otherObjectTypes     (2) },
            -- otherObjectTypes MUST NOT
            -- be used in this profile
    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
    digestAlgorithm     AlgorithmIdentifier,
    objectDigest        BIT STRING
}



Prior Art 



Figure 4B 



8/11 

AUS920010140US1 



AttCertIssuer ::= CHOICE {
    v1Form   GeneralNames,  -- v1 or v2
    v2Form   [0] V2Form     -- v2 only
}

V2Form ::= SEQUENCE {
    issuerName            GeneralNames OPTIONAL,
    baseCertificateID     [0] IssuerSerial OPTIONAL,
    objectDigestInfo      [1] ObjectDigestInfo OPTIONAL
        -- at least one of issuerName, baseCertificateID
        -- or objectDigestInfo MUST be present
}

IssuerSerial ::= SEQUENCE { 

issuer GeneralNames, 

serial CertificateSerialNumber, 

issuerUID UniqueIdentifier OPTIONAL

} 

AttCertValidityPeriod ::= SEQUENCE { 
notBeforeTime GeneralizedTime, 
notAfterTime GeneralizedTime 

} 

Attribute ::= SEQUENCE { 

type AttributeType, 
values SET OF AttributeValue 
-- at least one value is required

} 

AttributeType ::= OBJECT IDENTIFIER 
AttributeValue ::= ANY DEFINED BY AttributeType 

Prior Art 
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name id-aca-authenticationInfo
OID { id-aca 1 }
Syntax SvceAuthInfo
values: Multiple allowed 

SvceAuthInfo ::= SEQUENCE {
    service    GeneralName,
    ident      GeneralName,
    authInfo   OCTET STRING OPTIONAL

} 
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